src/usr.bin/ssh/ssh.c - diff

Return to ssh.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh.c between version 1.226 and 1.226.2.3

version 1.226, 2004/09/07 23:41:30

version 1.226.2.3, 2005/09/02 03:45:01

Line 144

/* fd to control socket */

int control_fd = -1;

/* Multiplexing control command */

static u_int mux_command = 0;

/* Only used in control client mode */

volatile sig_atomic_t control_client_terminate = 0;

u_int control_server_pid = 0;

Line 154

Line 157

usage(void)

{

fprintf(stderr,

"usage: ssh [-1246AaCfghkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"

"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"

" [-D port] [-e escape_char] [-F configfile] [-i identity_file]\n"

" [-D port] [-e escape_char] [-F configfile]\n"

" [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]\n"

" [-i identity_file] [-L [bind_address:]port:host:hostport]\n"

" [-p port] [-R port:host:hostport] [-S ctl] [user@]hostname [command]\n"

" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"

" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"

" [user@]hostname [command]\n"

);

exit(1);

}

Line 174

Line 179

main(int ac, char **av)

{

int i, opt, exit_status;

u_short fwd_port, fwd_host_port;

char sfwd_port[6], sfwd_host_port[6];

char *p, *cp, *line, buf[256];

struct stat st;

struct passwd *pw;

int dummy;

extern int optind, optreset;

extern char *optarg;

struct servent *sp;

Forward fwd;

* Save the original real uid. It will be needed later (uid-swapping

Line 231

Line 236

again:

while ((opt = getopt(ac, av,

"1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNPR:S:TVXY")) != -1) {

"1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVXY")) != -1) {

switch (opt) {

case '1':

options.protocol = SSH_PROTO_1;

Line 265

Line 270

case 'g':

options.gateway_ports = 1;

break;

case 'O':

if (strcmp(optarg, "check") == 0)

mux_command = SSHMUX_COMMAND_ALIVE_CHECK;

else if (strcmp(optarg, "exit") == 0)

mux_command = SSHMUX_COMMAND_TERMINATE;

else

fatal("Invalid multiplex command.");

break;

case 'P': /* deprecated */

options.use_privileged_port = 0;

break;

Line 280

Line 293

case 'i':

if (stat(optarg, &st) < 0) {

fprintf(stderr, "Warning: Identity file %s "

"does not exist.\n", optarg);

"not accessible: %s.\n", optarg,

strerror(errno));

break;

}

if (options.num_identity_files >=

Line 311

Line 325

options.log_level++;

break;

}

/* fallthrough */

/* FALLTHROUGH */

case 'V':

fprintf(stderr, "%s, %s\n",

SSH_VERSION, SSLeay_version(SSLEAY_VERSION));

Line 368

Line 382

}

break;

case 'M':

options.control_master =

if (options.control_master == SSHCTL_MASTER_YES)

(options.control_master >= 1) ? 2 : 1;

options.control_master = SSHCTL_MASTER_ASK;

else

options.control_master = SSHCTL_MASTER_YES;

break;

case 'p':

options.port = a2port(optarg);

Line 383

Line 399

break;

case 'L':

case 'R':

if (parse_forward(&fwd, optarg))

if (sscanf(optarg, "%5[0-9]:%255[^:]:%5[0-9]",

add_local_forward(&options, &fwd);

sfwd_port, buf, sfwd_host_port) != 3 &&

else {

sscanf(optarg, "%5[0-9]/%255[^/]/%5[0-9]",

sfwd_port, buf, sfwd_host_port) != 3) {

fprintf(stderr,

"Bad forwarding specification '%s'\n",

"Bad local forwarding specification '%s'\n",

optarg);

usage();

exit(1);

/* NOTREACHED */

}

if ((fwd_port = a2port(sfwd_port)) == 0 ||

break;

(fwd_host_port = a2port(sfwd_host_port)) == 0) {

case 'R':

if (parse_forward(&fwd, optarg)) {

add_remote_forward(&options, &fwd);

} else {

fprintf(stderr,

"Bad forwarding port(s) '%s'\n", optarg);

"Bad remote forwarding specification "

"'%s'\n", optarg);

exit(1);

}

if (opt == 'L')

add_local_forward(&options, fwd_port, buf,

fwd_host_port);

else if (opt == 'R')

add_remote_forward(&options, fwd_port, buf,

fwd_host_port);

break;

case 'D':

fwd_port = a2port(optarg);

cp = p = xstrdup(optarg);

if (fwd_port == 0) {

memset(&fwd, '\0', sizeof(fwd));

fwd.connect_host = "socks";

if ((fwd.listen_host = hpdelim(&cp)) == NULL) {

fprintf(stderr, "Bad dynamic forwarding "

"specification '%.100s'\n", optarg);

exit(1);

}

if (cp != NULL) {

fwd.listen_port = a2port(cp);

fwd.listen_host = cleanhostname(fwd.listen_host);

} else {

fwd.listen_port = a2port(fwd.listen_host);

fwd.listen_host = NULL;

}

if (fwd.listen_port == 0) {

fprintf(stderr, "Bad dynamic port '%s'\n",

optarg);

exit(1);

}

add_local_forward(&options, fwd_port, "socks", 0);

add_local_forward(&options, &fwd);

xfree(p);

break;

case 'C':

Line 520

Line 548

if (no_tty_flag)

tty_flag = 0;

/* Do not allocate a tty if stdin is not a tty. */

if (!isatty(fileno(stdin)) && !force_tty_flag) {

if ((!isatty(fileno(stdin)) || stdin_null_flag) && !force_tty_flag) {

if (tty_flag)

logit("Pseudo-terminal will not be allocated because stdin is not a terminal.");

tty_flag = 0;

Line 572

Line 600

*p = tolower(*p);

}

/* Get default port if port has not been set. */

if (options.port == 0) {

sp = getservbyname(SSH_SERVICE_NAME, "tcp");

options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;

}

if (options.proxy_command != NULL &&

strcmp(options.proxy_command, "none") == 0)

options.proxy_command = NULL;

if (options.control_path != NULL &&

strcmp(options.control_path, "none") == 0)

options.control_path = NULL;

if (options.control_path != NULL) {

options.control_path = tilde_expand_filename(

snprintf(buf, sizeof(buf), "%d", options.port);

options.control_path, original_real_uid);

cp = tilde_expand_filename(options.control_path,

original_real_uid);

options.control_path = percent_expand(cp, "p", buf, "h", host,

"r", options.user, (char *)NULL);

xfree(cp);

}

if (options.control_path != NULL && options.control_master == 0)

if (mux_command != 0 && options.control_path == NULL)

control_client(options.control_path); /* This doesn't return */

fatal("No ControlPath specified for \"-O\" command");

if (options.control_path != NULL)

control_client(options.control_path);

/* Open a connection to the remote host. */

if (ssh_connect(host, &hostaddr, options.port,

Line 706

Line 749

return exit_status;

}

#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"

static void

x11_get_proto(char **_proto, char **_data)

{

char cmd[1024];

char line[512];

char xdisplay[512];

static char proto[512], data[512];

FILE *f;

int got_data = 0, generated = 0, do_unlink = 0, i;

char *display, *xauthdir, *xauthfile;

struct stat st;

xauthdir = xauthfile = NULL;

*_proto = proto;

*_data = data;

proto[0] = data[0] = '\0';

if (!options.xauth_location ||

(stat(options.xauth_location, &st) == -1)) {

debug("No xauth program.");

} else {

if ((display = getenv("DISPLAY")) == NULL) {

debug("x11_get_proto: DISPLAY not set");

return;

}

* Handle FamilyLocal case where $DISPLAY does

* not match an authorization entry. For this we

* just try "xauth list unix:displaynum.screennum".

* XXX: "localhost" match to determine FamilyLocal

* is not perfect.

if (strncmp(display, "localhost:", 10) == 0) {

snprintf(xdisplay, sizeof(xdisplay), "unix:%s",

display + 10);

display = xdisplay;

}

if (options.forward_x11_trusted == 0) {

xauthdir = xmalloc(MAXPATHLEN);

xauthfile = xmalloc(MAXPATHLEN);

strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN);

if (mkdtemp(xauthdir) != NULL) {

do_unlink = 1;

snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile",

xauthdir);

snprintf(cmd, sizeof(cmd),

"%s -f %s generate %s " SSH_X11_PROTO

" untrusted timeout 1200 2>" _PATH_DEVNULL,

options.xauth_location, xauthfile, display);

debug2("x11_get_proto: %s", cmd);

if (system(cmd) == 0)

generated = 1;

}

snprintf(cmd, sizeof(cmd),

"%s %s%s list %s . 2>" _PATH_DEVNULL,

options.xauth_location,

generated ? "-f " : "" ,

generated ? xauthfile : "",

display);

debug2("x11_get_proto: %s", cmd);

f = popen(cmd, "r");

if (f && fgets(line, sizeof(line), f) &&

sscanf(line, "%*s %511s %511s", proto, data) == 2)

got_data = 1;

if (f)

pclose(f);

}

if (do_unlink) {

unlink(xauthfile);

rmdir(xauthdir);

}

if (xauthdir)

xfree(xauthdir);

if (xauthfile)

xfree(xauthfile);

* If we didn't get authentication data, just make up some

* data. The forwarding code will check the validity of the

* response anyway, and substitute this data. The X11

* server, however, will ignore this fake data and use

* whatever authentication mechanisms it was using otherwise

* for the local connection.

if (!got_data) {

u_int32_t rnd = 0;

logit("Warning: No xauth data; "

"using fake authentication data for X11 forwarding.");

strlcpy(proto, SSH_X11_PROTO, sizeof proto);

for (i = 0; i < 16; i++) {

if (i % 4 == 0)

rnd = arc4random();

snprintf(data + 2 * i, sizeof data - 2 * i, "%02x",

rnd & 0xff);

rnd >>= 8;

}

static void

ssh_init_forwarding(void)

{

int success = 0;

Line 818

Line 757

/* Initiate local TCP/IP port forwardings. */

for (i = 0; i < options.num_local_forwards; i++) {

debug("Connections to local port %d forwarded to remote address %.200s:%d",

debug("Local connections to %.200s:%d forwarded to remote "

options.local_forwards[i].port,

"address %.200s:%d",

options.local_forwards[i].host,

(options.local_forwards[i].listen_host == NULL) ?

options.local_forwards[i].host_port);

(options.gateway_ports ? "*" : "LOCALHOST") :

options.local_forwards[i].listen_host,

options.local_forwards[i].listen_port,

options.local_forwards[i].connect_host,

options.local_forwards[i].connect_port);

success += channel_setup_local_fwd_listener(

options.local_forwards[i].port,

options.local_forwards[i].listen_host,

options.local_forwards[i].host,

options.local_forwards[i].listen_port,

options.local_forwards[i].host_port,

options.local_forwards[i].connect_host,

options.local_forwards[i].connect_port,

options.gateway_ports);

}

if (i > 0 && success == 0)

Line 833

Line 777

/* Initiate remote TCP/IP port forwardings. */

for (i = 0; i < options.num_remote_forwards; i++) {

debug("Connections to remote port %d forwarded to local address %.200s:%d",

debug("Remote connections from %.200s:%d forwarded to "

options.remote_forwards[i].port,

"local address %.200s:%d",

options.remote_forwards[i].host,

(options.remote_forwards[i].listen_host == NULL) ?

options.remote_forwards[i].host_port);

(options.gateway_ports ? "*" : "LOCALHOST") :

options.remote_forwards[i].listen_host,

options.remote_forwards[i].listen_port,

options.remote_forwards[i].connect_host,

options.remote_forwards[i].connect_port);

channel_request_remote_forwarding(

options.remote_forwards[i].port,

options.remote_forwards[i].listen_host,

options.remote_forwards[i].host,

options.remote_forwards[i].listen_port,

options.remote_forwards[i].host_port);

options.remote_forwards[i].connect_host,

options.remote_forwards[i].connect_port);

}

Line 862

Line 811

int have_tty = 0;

struct winsize ws;

char *cp;

const char *display;

/* Enable compression if requested. */

if (options.compression) {

Line 923

Line 873

packet_disconnect("Protocol error waiting for pty request response.");

}

/* Request X11 forwarding if enabled and DISPLAY is set. */

if (options.forward_x11 && getenv("DISPLAY") != NULL) {

display = getenv("DISPLAY");

if (options.forward_x11 && display != NULL) {

char *proto, *data;

/* Get reasonable local authentication information. */

x11_get_proto(&proto, &data);

client_x11_get_proto(display, options.xauth_location,

options.forward_x11_trusted, &proto, &data);

/* Request forwarding with authentication spoofing. */

debug("Requesting X11 forwarding with authentication spoofing.");

x11_request_forwarding_with_spoofing(0, proto, data);

x11_request_forwarding_with_spoofing(0, display, proto, data);

/* Read response from the server. */

type = packet_read();

Line 1016

Line 968

return;

debug("remote forward %s for: listen %d, connect %s:%d",

type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",

options.remote_forwards[i].port,

options.remote_forwards[i].listen_port,

options.remote_forwards[i].host,

options.remote_forwards[i].connect_host,

options.remote_forwards[i].host_port);

options.remote_forwards[i].connect_port);

if (type == SSH2_MSG_REQUEST_FAILURE)

logit("Warning: remote port forwarding failed for listen port %d",

logit("Warning: remote port forwarding failed for listen "

options.remote_forwards[i].port);

"port %d", options.remote_forwards[i].listen_port);

}

static void

Line 1030

Line 982

struct sockaddr_un addr;

mode_t old_umask;

if (options.control_path == NULL || options.control_master <= 0)

if (options.control_path == NULL ||

options.control_master == SSHCTL_MASTER_NO)

return;

debug("setting up multiplex master socket");

memset(&addr, '\0', sizeof(addr));

addr.sun_family = AF_UNIX;

addr.sun_len = offsetof(struct sockaddr_un, sun_path) +

Line 1048

Line 1003

old_umask = umask(0177);

if (bind(control_fd, (struct sockaddr*)&addr, addr.sun_len) == -1) {

control_fd = -1;

if (errno == EINVAL)

if (errno == EINVAL || errno == EADDRINUSE)

fatal("ControlSocket %s already exists",

options.control_path);

else

Line 1067

Line 1022

ssh_session2_setup(int id, void *arg)

{

extern char **environ;

const char *display;

int interactive = tty_flag;

if (options.forward_x11 && getenv("DISPLAY") != NULL) {

display = getenv("DISPLAY");

if (options.forward_x11 && display != NULL) {

char *proto, *data;

/* Get reasonable local authentication information. */

x11_get_proto(&proto, &data);

client_x11_get_proto(display, options.xauth_location,

options.forward_x11_trusted, &proto, &data);

/* Request forwarding with authentication spoofing. */

debug("Requesting X11 forwarding with authentication spoofing.");

x11_request_forwarding_with_spoofing(id, proto, data);

x11_request_forwarding_with_spoofing(id, display, proto, data);

interactive = 1;

/* XXX wait for reply */

}

Line 1237

Line 1195

control_client(const char *path)

{

struct sockaddr_un addr;

int i, r, sock, exitval, num_env;

int i, r, fd, sock, exitval, num_env;

Buffer m;

char *cp;

char *term;

extern char **environ;

u_int flags;

if (mux_command == 0)

mux_command = SSHMUX_COMMAND_OPEN;

switch (options.control_master) {

case SSHCTL_MASTER_AUTO:

case SSHCTL_MASTER_AUTO_ASK:

debug("auto-mux: Trying existing master");

/* FALLTHROUGH */

case SSHCTL_MASTER_NO:

break;

default:

return;

}

memset(&addr, '\0', sizeof(addr));

addr.sun_family = AF_UNIX;

addr.sun_len = offsetof(struct sockaddr_un, sun_path) +

Line 1254

Line 1227

if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)

fatal("%s socket(): %s", __func__, strerror(errno));

if (connect(sock, (struct sockaddr*)&addr, addr.sun_len) == -1)

if (connect(sock, (struct sockaddr*)&addr, addr.sun_len) == -1) {

fatal("Couldn't connect to %s: %s", path, strerror(errno));

if (mux_command != SSHMUX_COMMAND_OPEN) {

fatal("Control socket connect(%.100s): %s", path,

strerror(errno));

}

if (errno == ENOENT)

debug("Control socket \"%.100s\" does not exist", path);

else {

error("Control socket connect(%.100s): %s", path,

strerror(errno));

}

close(sock);

return;

}

if ((cp = getenv("TERM")) == NULL)

if (stdin_null_flag) {

cp = "";

if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1)

fatal("open(/dev/null): %s", strerror(errno));

if (dup2(fd, STDIN_FILENO) == -1)

fatal("dup2: %s", strerror(errno));

if (fd > STDERR_FILENO)

close(fd);

}

term = getenv("TERM");

flags = 0;

if (tty_flag)

flags |= SSHMUX_FLAG_TTY;

if (subsystem_flag)

flags |= SSHMUX_FLAG_SUBSYS;

if (options.forward_x11)

flags |= SSHMUX_FLAG_X11_FWD;

if (options.forward_agent)

flags |= SSHMUX_FLAG_AGENT_FWD;

buffer_init(&m);

/* Get PID of controlee */

/* Send our command to server */

buffer_put_int(&m, mux_command);

buffer_put_int(&m, flags);

if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1)

fatal("%s: msg_send", __func__);

buffer_clear(&m);

/* Get authorisation status and PID of controlee */

if (ssh_msg_recv(sock, &m) == -1)

fatal("%s: msg_recv", __func__);

if (buffer_get_char(&m) != 0)

if (buffer_get_char(&m) != SSHMUX_VER)

fatal("%s: wrong version", __func__);

/* Connection allowed? */

if (buffer_get_int(&m) != 1)

fatal("Connection to master denied");

control_server_pid = buffer_get_int(&m);

buffer_clear(&m);

buffer_put_int(&m, tty_flag);

buffer_put_int(&m, subsystem_flag);

buffer_put_cstring(&m, cp);

switch (mux_command) {

case SSHMUX_COMMAND_ALIVE_CHECK:

fprintf(stderr, "Master running (pid=%d)\r\n",

control_server_pid);

exit(0);

case SSHMUX_COMMAND_TERMINATE:

fprintf(stderr, "Exit request sent.\r\n");

exit(0);

case SSHMUX_COMMAND_OPEN:

/* continue below */

break;

default:

fatal("silly mux_command %d", mux_command);

}

/* SSHMUX_COMMAND_OPEN */

buffer_put_cstring(&m, term ? term : "");

buffer_append(&command, "\0", 1);

buffer_put_cstring(&m, buffer_ptr(&command));

Line 1298

Line 1321

}

if (ssh_msg_send(sock, /* version */0, &m) == -1)

if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1)

fatal("%s: msg_send", __func__);

mm_send_fd(sock, STDIN_FILENO);

Line 1309

Line 1332

buffer_clear(&m);

if (ssh_msg_recv(sock, &m) == -1)

fatal("%s: msg_recv", __func__);

if (buffer_get_char(&m) != 0)

if (buffer_get_char(&m) != SSHMUX_VER)

fatal("%s: master returned error", __func__);

fatal("%s: wrong version", __func__);

buffer_free(&m);

signal(SIGHUP, control_client_sighandler);